This content follows TrueCommand 3.0 releases.

Configuring IDP SAML as SSO for TrueCommand SAML Service

TrueCommand allows identity provider (IDP) SAML single sign-on (SSO) configuration as of release 2.3.3. With IDP-SAML SSO you can configure a provider such as Okta, Auth0, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option.

Security Assertion Markup Language (SAML) is an SSO standard for logging users into applications that require authentication credentials (like GitHub, Gmail, etc.). SSO works by transferring a known identity for a user to another location that provides services to the user. SAML accomplishes the transfer by exchanging digitally signed XML documents.

A SAML configuration requires an Identity Provider (IDP) and Service Provider (SP). When the IDP-SAML service provides the SSO, TrueCommand becomes the service provider.

IDP-SAML provider configuration settings and attributes can differ. This article provides general instructions, settings, and attributes for configuring an IDP-SAML SSO for TrueCommand as a cloud service provider.

TrueCommand IDP SAML does not support groups at this time.

TrueCommand Requirements

TrueCommand requires configuring the general settings and a set of attributes.

General Settings

Set support to PERSISTENT.

Download the IDP SAML metadata.

Download or copy/paste the single sign-in URL (https://)

Enter attributes as shown in the table below, with the underscore (attribute_name) if indicated.

For IDP SAML SSO, TrueCommand does not require the certificates from the IDP provider.

Mapping Attributes

Define these attributes in the IDP SAML service provider:

| Attribute | Value |
|---|---|
| Username | unique_name |
| Full Name | given_name or display_name |
| Email | mail or email |
| Title | title |
| Phone Number | telephone_number |
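
To confirm that an IDP application is configured as described above, you can decode a test assertion and check it against the mapping table. The following is an added example, not TrueCommand code. It assumes that the Value column holds the SAML attribute Name, that names are compared exactly, and that PERSISTENT refers to the SAML 2.0 persistent NameID format. The function name and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: "PERSISTENT" on this page means the SAML 2.0 persistent NameID format.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Field -> accepted attribute names, taken from the mapping table above.
REQUIRED = {
    "Username": ("unique_name",),
    "Full Name": ("given_name", "display_name"),
    "Email": ("mail", "email"),
    "Title": ("title",),
    "Phone Number": ("telephone_number",),
}

# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="unique_name"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="display_name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Title"><saml:AttributeValue>Admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of mapping problems; does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != PERSISTENT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, not persistent")
    # Collect names of attributes that carry at least one non-empty value.
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        if any(v and v.strip() for v in values):
            present.add(attr.get("Name"))
    for field, names in REQUIRED.items():
        if not present.intersection(names):
            problems.append(f"{field}: missing attribute ({' or '.join(names)})")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE) or ["assertion matches the mapping table"]:
        print(line)
```

The constructed sample deliberately sends `Title` with a capital letter and omits `telephone_number`, so both fields are reported as missing.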